ING Information Security Management Focal points for the future


Transcription:

ING Information Security Management: Focal points for the future
Giuliano Merlo, Head of Operational Risk and Security, ING Direct Italy
CPEXPO Exhibition, Genova - October 30th, 2013

ING
ING is a Netherlands-based banking and insurance group offering banking products, investments, insurance and pension products. With 61 million clients, ING is present in Europe, North America, Latin America and Asia. The pillars of ING strategy are:
- CUSTOMER CENTRICITY
- OPERATIONAL EXCELLENCE
- TOP EMPLOYER

ING DIRECT Italia
- 2001: the bank is founded in Italy with the Conto Arancio product, the first Italian deposit account, which would go on to be a great success
- 2004: the first profit arrives, ahead of forecasts. Mortgages are launched, today offered at variable rate, fixed rate and constant instalment
- 2005: the first low-cost funds
- 2008: the zero-fee current account arrives (even the stamp duty is free)
- 2009: launch of online trading and completion of the fund range
- 2011: launch of the branches
- 2012: launch of Life Insurance
- 2013: launch of the app for Android and iPhone

ING DIRECT in numbers
- 95% digital customers
- 200,000 downloaded apps in 6 months
- 1,100 average downloads per day
- 13 bank shops
- New customers: 50% self-service, 50% face-to-face
- Servicing: 95% self-service, 5% face-to-face
Multichannel acquisition and self-service in operations activity

Information Security Trends: from Here to 2020

Data Explosion
- Increased sharing of sensitive data between companies and individuals
- Proliferation of devices generating traffic
- Greater need for data classification and protection

Always-On Connected World
- Greater connectivity driven by social networking
- Greater connectivity between devices
- Increased connectivity with national infrastructure and public services

Infrastructure Revolution
- Centralisation of computer resources (e.g. data centres) through cloud computing
- Greater importance with regard to outsourcing
- Bring Your Own Device

Future of Banking
- Increased level of electronic and mobile commerce banking
- Development of new payment models
- Cybercrime growth

Tougher Regulations
- Increase of national and international regulation (Basel 3, etc.)
- Increasing attention to (customers') data privacy
- Pressure to develop new Information Risk Management standards

Multiple Internets
- Greater censorship
- Political motivations driving new state/regional internets
- New and more secure closed networks

New Identity and Trust Models
- Continuous decline of effectiveness of current identity models
- New models of trust to be developed for people and assets
- Identity as a key factor to move from perimeter security to information-based security

Information Security Focal Points (2012-2015)

Cloud Computing / Data Leakage Prevention / Trust Model
- Security architecture with focus on proactive risk-based protection
- Physical and logical separation at any level of the stack
- User Access Management granular enough to enable/control:
  - Remote access and BYOD
  - Cloud computing opportunities
- Federated Identity and Access Management
- Effective and mature security monitoring (correlation included)
- New effective data classification approach

Mobile Banking / Collaboration and Social Media / Open Bank Standards / CyberCrime
- Innovation in order to become more flexible, agile and sustainable
- Rethinking of Information Risk Management approach
- Bank in a Box
- Zero Touch Infrastructure
- Clear strategy/policy to cope with collaboration and social media needs
- Cybercrime framework up to date with current threat levels
- Increase effectiveness of CERT in:
  - Response time
  - Damage control across the organization

CyberCrime
- Generic Organizational Improvements
- Generic IT Improvements
- E-Frauds
- DDoS
- APT

APT - Challenges

Attacker related
Attackers (e.g. criminals, activists, companies and governments) are rapidly growing more mature:
- Objective: It is very difficult to understand attackers' underlying goals, objectives and motivations.
- Tools and methods used are rapidly increasing in level of sophistication. Malware is designed for specific attacks and is difficult to detect with generic anti-malware or anti-virus software.
- Resources: Attackers have increased time, funds and communities available to do their job.

Company related
For organizations, it is very difficult to assess what is normal intended behavior versus an advanced persistent threat:
- Complexity: In large organizations, the majority of business processes cross the internal organizational boundaries.
- Size: Datacentres, servers, thousands of connections to the outside world (email, WiFi, internet, file transfers, etc.).
- Understanding & conviction: Both on an individual level and an organizational level, the understanding and conviction for APT as a topic is insufficient.
- Weakest link: The lateral movement in an attack means that one weak link is sufficient to enter the network. The overall risk is the risk of the weakest link.

APT - Principles

Attacker related
1. Every IT asset should be treated as if it is directly connected to the internet. It is no longer useful to make a distinction between external and internal systems.
2. Change of mindset: think as if we are already hacked, i.e. we need to shift our focus from 100% prevention to a more balanced focus on prevention, detection and response.
3. The approach needs to focus on regular fire drills, i.e. attacking ourselves, to test prevention, detection and response capabilities.

Company related
4. Improving capability for APT resilience will be the primary responsibility of every individual business unit, and each unit should work on that in a consistent manner.
5. There is a need for a centralized program that will:
   - Regularly measure and report on the maturity of the different parts of the organization
   - Truly share services such as information gathering, information sharing, training, global response team and global security operational and monitoring control center

Q/A?

Thank you